Igor Drozdov authored 5 years ago and Douwe Maan committed 5 years ago

Some general code has been added/removed in EE version
which needs to be backported in CE

Now we have terminals for instance and group clusters we can remove the
FF now. Deploying to group clusters has been working without complaints
too.

Jasper Maes authored 6 years ago and Heinrich Lee Yu committed 5 years ago

Model.new.attributes now also returns encrypted attributes.

Add columns to store project creation settings

Add project creation level column in groups
 and default project creation column in application settings

Remove obsolete line from schema

Update migration with project_creation_level column existence check

Rename migrations to avoid conflicts

Update migration methods

Update migration method

mksionek authored 5 years ago and James Lopez committed 5 years ago

Chnage method used in model to make it
more efficient database-wise
Add additional spec

Kamil Trzcińśki authored 6 years ago and Grzegorz Bizon committed 6 years ago

This makes code to support encrypted runner tokens.
This code also finished previously started encryption
process.

Signed-off-by: Rémy Coutable <remy@rymai.me>

Currently if a project is inside a nested group and a user doesn't have
specific permissions for that group but does have permissions on a
parent group the `GET /projects/:id` API call will return the following
permissions:

```json
permissions: { project_access: null, group_access: null }
```

It could also happen that the group specific permissions are of lower
level than the ones the user has in parent groups. This patch makes it
so that the permission returned for `group_access` is the highest from
amongst the hierarchy, which is (ostensibly) the information that the
API user is interested in for that field.

- we now use the hierarchy class also for epics
- also rename supports_nested_groups? into supports_nested_objects?
  - move it to a concern

With this MR, group clusters is now functional, so default to enabled.

Have a single setting on the root ancestor group to enabled or disable
group clusters feature as a whole

Even though we currently only should have one group for a cluster, we
allow the flexibility to associate to other groups in the future.

This also matches the runner <=> groups association.

- Adds Cluster#first_group, aliased to Cluster#group. For the
conceivable future, a cluster will have at most one group.

- Prevent mixing of group and project clusters. If project type
clusters, it should only have projects assigned.  Similarly with groups.

- Default cluster_type to :project_type. As it's very small table we can
set default and null: false in one release.

This commit adds the module `FromUnion`, which provides the class method
`from_union`. This simplifies the process of selecting data from the
result of a UNION, and reduces the likelihood of making mistakes. As a
result, instead of this:

    union = Gitlab::SQL::Union.new([foo, bar])

    Foo.from("(#{union.to_sql}) #{Foo.table_name}")

We can now write this instead:

    Foo.from_union([foo, bar])

This commit also includes some changes to make this new setup work
properly. For example, a bug in Rails 4
(https://github.com/rails/rails/issues/24193) would break the use of
`from("sub-query-here").includes(:relation)` in certain cases. There was
also a CI query which appeared to repeat a lot of conditions from an
outer query on an inner query, which isn't necessary.

Finally, we include a RuboCop cop to ensure developers use this new
module, instead of using Gitlab::SQL::Union directly.

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/51307

This whitelists all existing offenses for the various CodeReuse cops, of
which most are triggered by the CodeReuse/ActiveRecord cop.

This reverts commit 8717c7da.

Partially addresses #47424.

This reverts commit 4d9a3f42, reversing
changes made to ecf9c145.

Signed-off-by: Rémy Coutable <remy@rymai.me>

ObjectStore uploader requires presence of associated `uploads` record
when deleting the upload file (through the carrierwave's after_commit
hook) because we keep info whether file is LOCAL or REMOTE in `upload`
object.

For this reason we can not destroy uploads as "dependent: :destroy" hook
because these would be deleted too soon. Instead we rely on
carrierwave's hook to destroy `uploads` in after_commit hook.

But in before_destroy hook we still have to delete not-mounted uploads
(which don't use carrierwave's destroy hook). This has to be done in
before_Destroy instead of after_commit because `FileUpload` requires
existence of model's object on destroy action.

This is not ideal state of things, in a next step we should investigate
how to unify model dependencies so we can use same workflow for all
uploads.

Related to #45425